general · TheHackerNews
TheHackerNews reported on multiple security findings this week spanning AI systems, email services, and ransomware campaigns. A phishing campaign targets small businesses globally with fake law enforcement investigation emails, directing victims to password-protected archives hosted on Proton Drive that deliver custom ransomware; attackers negotiate ransom only after victims contact them via Tox chat. Separately, Armadin discovered an attack chain in Claude Cowork on Windows allowing local code execution to hijack a trusted process and execute commands as root in the sandbox without network restrictions; Anthropic stated this does not qualify as a security issue since it requires pre-existing local access. Apple's Hide My Email service contains a vulnerability enabling real email addresses to be unmasked, reported over a year ago and reportedly still unpatched. A China-linked remote access trojan called BeepRAT, based on the DCRat framework, was found distributed through a phone number utility and establishes persistence via scheduled tasks while using DNS-over-HTTPS for command-and-control communication.
These findings highlight permission and validation gaps relevant to Omniware's buyer base. Defense contractors handling CUI should assess whether development and collaboration tools—particularly AI-assisted sandboxes—implement proper privilege separation and local-execution controls; an Omniware engagement can scope sandbox escape risks in your supply chain. SaaS teams relying on third-party email privacy features should inventory dependencies and validate vendor patch timelines against NIST 800-171 and SOC2 Type II requirements. Healthcare and fintech organizations should strengthen phishing defenses and email authentication (SPF/DKIM/DMARC) to counter ransomware lures, and review incident response procedures for scenarios where attackers negotiate ransom dynamically based on perceived victim capacity to pay.
Source: TheHackerNews - https://thehackernews.com/2026/07/threatsday-ai-compute-hijacking-apple.html
Source: TheHackerNews
All briefings